Visual 1 IS-906: Workplace Security Awareness
IS-906: Workplace Security Awareness
Visual 2 IS-906: Workplace Security Awareness
Course Administration
Sign-in sheet
Course evaluation forms
Site logistics
Emergency procedures
Breaks
Restrooms
Cell phones/Blackberrys
Visual 3 IS-906: Workplace Security Awareness
Identify potential risks to workplace security.
Describe measures for improving workplace security.
Determine the actions to take in response to a security situation.
Course Objectives
Visual 4 IS-906: Workplace Security Awareness
Discussion Question
Visual 5 IS-906: Workplace Security Awareness
Three components:
• Threat
• Vulnerability
• Consequence (Impact)
Components of Risk
Visual 6 IS-906: Workplace Security Awareness
Ever-increasing risks threaten:
Worker safety.
Employee morale.
Economic livelihood.
Employees are an integral part of the security solution.
Security Begins With You
Visual 7 IS-906: Workplace Security Awareness
Determine what should be reported.
Report the incident.
Never confront the situation alone.
Security Measures for Employees
Visual 8 IS-906: Workplace Security Awareness
Common Threats
Visual 9 IS-906: Workplace Security Awareness
Limit access points.
Use appropriate locks.
Control entrances.
Restrict access to key areas, roofs, and HVAC systems.
Use identification systems.
Post signs.
Securing Access Points
Visual 10 IS-906: Workplace Security Awareness
Identification checks
Limit on keys and cards
Delivery search or verification
Employee-owned vehicle database
Limited access
Personnel training
Access Control Procedures
Visual 11 IS-906: Workplace Security Awareness
ID badges or picture IDs provide quick identification of personnel.
ID Badges
Visual 12 IS-906: Workplace Security Awareness
Worn on outermost garment
No “piggybacking”
No lending, sharing, or borrowing of badges
Report lost badges immediately
Typical Badge Requirements
Visual 13 IS-906: Workplace Security Awareness
Scenario: Piggybacking
Visual 14 IS-906: Workplace Security Awareness
Should wear a visitor's badge.
Should be escorted at all times.
Nonemployees
Visual 15 IS-906: Workplace Security Awareness
Discussion: Missing ID Badge
Visual 16 IS-906: Workplace Security Awareness
Challenge if they:
Are not wearing identification or escorted appropriately.
Are inconsistent with the workplace dress code.
Appear lost or are asking for directions.
Unknown Individuals
Visual 17 IS-906: Workplace Security Awareness
Scenario: Unknown Individual
Visual 18 IS-906: Workplace Security Awareness
When you see someone without proper ID:
Follow policies and procedures.
Approach only if comfortable.
Notify appropriate personnel.
Provide descriptive information.
Lack of Proper Identification
Visual 19 IS-906: Workplace Security Awareness
Instructions: Working as a team:
1. Create a list of five techniques to use when approaching an unknown individual.
2. Record your list on chart paper.
3. Select a spokesperson and be prepared to present your list in 5 minutes.
Activity: Unknown Individual
Visual 20 IS-906: Workplace Security Awareness
Always report situations that may threaten security.
Report the Situation
Visual 21 IS-906: Workplace Security Awareness
Common Threats
Visual 22 IS-906: Workplace Security Awareness
Criminal or terrorist activities may occur anywhere, including:
Hotels.
Banks.
Grocery stores.
Manufacturing plants.
Nonprofit organizations.
Criminal or Terrorist Threats
Visual 23 IS-906: Workplace Security Awareness
Discussion: Suspicious Behaviors
Visual 24 IS-906: Workplace Security Awareness
Scenario: Suspicious Behavior
Visual 25 IS-906: Workplace Security Awareness
Be alert for:
Unusual situations.
Suspicious packages or items:
  Unusual substances in quantity.
  Fumes, odors, or liquids coming from a package.
  Disassembled electrical components.
  Plans, drawings, schematics, or maps.
Unusual or Suspicious Items
Visual 26 IS-906: Workplace Security Awareness
Immediately notify the appropriate person.
Do not approach or attempt to open or inspect a suspicious package.
Perimeter Breaches and Suspicious Packages
Visual 27 IS-906: Workplace Security Awareness
Scenario: Being Observant
Visual 28 IS-906: Workplace Security Awareness
Unattended or suspicious vehicles
Changes in vehicle patterns
Compromised Vehicle Access
Visual 29 IS-906: Workplace Security Awareness
Scenario: Suspicious Van
Visual 30 IS-906: Workplace Security Awareness
Keep calm.
Keep the caller on the line.
Record every word.
Obtain information.
Pay attention to background noises and caller’s voice.
Report immediately.
Bomb Threat Procedures
Visual 31 IS-906: Workplace Security Awareness
Be alert for:
Threatening letters.
Suspicious contents (white powder, photos of the workplace).
Oil or grease spots, an inaccurate address, or excessive postage or packaging.
Suspicious Mail or Package
Visual 32 IS-906: Workplace Security Awareness
Theft is an unlawful or unauthorized acquisition by force or stealth.
Diversion is an unlawful or unauthorized acquisition by fraud or deceit.
Theft and Diversion
Visual 33 IS-906: Workplace Security Awareness
A container possibly missing some of its contents.
Should be reported.
Can indicate a much larger security problem.
Container Breach
Visual 34 IS-906: Workplace Security Awareness
Scenario: Theft and Diversion
Visual 35 IS-906: Workplace Security Awareness
Common Threats
Visual 36 IS-906: Workplace Security Awareness
Carried out by current or former employees.
Can be noticed by intuitive managers and/or coworkers.
Behavioral indicators displayed over a period of time.
Workplace Violence
Visual 37 IS-906: Workplace Security Awareness
Instructions: Working as a team:
1. Create a list of five indicators of potentially violent behavior.
2. Record your list on chart paper.
3. Select a spokesperson and be prepared to present your list in 5 minutes.
Activity: Indicators of Workplace Violence
Visual 38 IS-906: Workplace Security Awareness
Active Shooter Booklet
Active Shooter Pocket Guide
Active Shooter Poster
Workplace Violence Resources
Visual 39 IS-906: Workplace Security Awareness
Common Threats
Visual 40 IS-906: Workplace Security Awareness
Security can fail through unauthorized access to:
An account name and/or password.
Locked areas containing intellectual property and other sensitive information.
Portable devices.
Information and Cyber Threats
Visual 41 IS-906: Workplace Security Awareness
Scenario: Trash Bins
Visual 42 IS-906: Workplace Security Awareness
Common privacy law principles are based on the following Federal laws:
Privacy Act of 1974
Freedom of Information Act (FOIA)
E-Government Act of 2002
Fair Credit Reporting Act (FCRA)
Health Insurance Portability and Accountability Act of 1996 (HIPAA)
Children’s Online Privacy Protection Act (COPPA)
Protecting Information
Visual 43 IS-906: Workplace Security Awareness
Apply "need to know" principle.
Challenge need before sharing information.
Consider PII materials for official use only.
Limit collection of PII for authorized purposes.
Personally Identifiable Information (PII)
Visual 44 IS-906: Workplace Security Awareness
• Certificate/license numbers
• Vehicle identifiers including license plate numbers
• Internet protocol (IP) addresses
• Email addresses
• Photographic/facial images
• Name
• Social Security number
• Mailing address/ZIP code
• Telephone number
• Account numbers
• Date and place of birth
• Biometric identifiers (e.g., fingerprints)
PII Examples
Visual 45 IS-906: Workplace Security Awareness
Store in a secure area or destroy appropriately.
Never email to unauthorized individuals.
Never leave on community printers.
Take precautions against loss or theft of computers and storage media.
Notify immediate supervisor if loss or compromise occurs.
Safeguarding Sensitive Information
Visual 46 IS-906: Workplace Security Awareness
Set date and time.
Use secure recycling bins.
Don’t print unnecessarily.
Handle papers once.
Scan and store documents.
Clear space before going home.
“Clean Desk” Policy
Visual 47 IS-906: Workplace Security Awareness
Scenario: Sensitive Document
Visual 48 IS-906: Workplace Security Awareness
Social engineers obtain information through:
Telephone interactions.
Face-to-face interactions.
Email or web interactions.
Use of Social Engineering
Visual 49 IS-906: Workplace Security Awareness
Jean calls Mark posing as a Help Desk technician and requests user account information.
Social Engineering Example
Visual 50 IS-906: Workplace Security Awareness
Instructions: Working as a team:
1. Write a fictional scenario in which an act of social engineering takes place.
2. Describe what the employee in your scenario should have done.
3. Select a spokesperson and be prepared to present your scenario in 5 minutes.
Activity: Social Engineering
Visual 51 IS-906: Workplace Security Awareness
Cyber Threats and Vulnerabilities
Visual 52 IS-906: Workplace Security Awareness
Firewalls and virus protection
Password procedures
Encryption software
Access control systems
Computer staff background checks
Staff training and 24/7 on-call technical support
Intrusion detection systems
System recovery and restoration plans
Cybersecurity Protective Measures
Visual 53 IS-906: Workplace Security Awareness
Minimum of eight characters
Combination of different character types
Not solely a dictionary word
Not easily guessed or obtained information
Strong Passwords
Visual 54 IS-906: Workplace Security Awareness
Discussion: Leaving the Office
Visual 55 IS-906: Workplace Security Awareness
Be vigilant.
Take notice of surroundings.
Report suspicious items or activities to local authorities immediately.
If You See Something, Say Something™
“If You See Something, Say Something™” used with permission of the New York Metropolitan Transportation Authority.
Visual 56 IS-906: Workplace Security Awareness
Identify vulnerabilities.
Avoid complacency.
Observe with all senses.
Be aware.
Take note of unusual or suspicious behavior.
Know whom to call.
Get assistance.
Security Is Everyone’s Business
Visual 57 IS-906: Workplace Security Awareness
Training
Web pages
Videos
Publications
Additional Resources
Visual 58 IS-906: Workplace Security Awareness
Instructions:
1. Take a few moments to review the Student Manual and identify any questions.
2. Ensure all questions are answered.
3. When taking the test . . .
   Read each item carefully.
   Check all work and enter the answers online.
Final Exam
Visual 59 IS-906: Workplace Security Awareness
Feedback
Please complete the course evaluation form.
Your comments are important!